On 14/12/2020 08:25, Geert Stappers wrote:
On Mon, Dec 14, 2020 at 06:51:18AM +0100, Duncan Webb wrote:
On 05/12/2020 15:01, Geert Stappers wrote:
On Sat, Dec 05, 2020 at 11:21:19AM +0100, Duncan Webb wrote:
On 02/12/2020 15:03, Geert Stappers wrote:
On Wed, Dec 02, 2020 at 02:45:04PM +0100, Matus UHLAR - fantomas wrote:
               .....
but for now get proper message from proper command.
And add information at which network component it is.
What do you mean?
That just copy-and-pasting the command and the output
from somewhere in a (too? complex?) network is useless.

That proper message from proper command should be provided
with additional information on which device (a.k.a. network component)
it was executed.
Do you mean this?

/usr/local/sbin/dnsmasq --all-servers -H /var/etc/dnsmasq-hosts
--listen-address=192.168.0.254 --listen-address=10.99.2.1
--listen-address=10.99.0.1 --listen-address=10.99.128.1
--listen-address=127.0.0.1 --listen-address=::1 --bind-interfaces
--server=/example.net/10.99.0.1 --server=/opcase1.private/10.99.144.1
--server=/144.99.10.in-addr.arpa/10.99.144.1 --log-queries=extra
--dns-forward-max=5000 --cache-size=10000 --local-ttl=1
--conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf

        .....
"Works for me"
Here too today,
OK


next is to add some .conf files and see if an option causes
the refused message. I suspect that it is no-negcache that got removed after
an upgrade of the firewall software.
First is to check the syntax of the conf files.
I did some more tests this weekend and when
testing host returns this

$ host s3
s3.example.net has address 10.99.0.103
Host s3.example.net not found: 5(REFUSED)
Host s3.example.net not found: 5(REFUSED)

dig does not report an error.

$ dig +short s3 @10.99.0.1
10.99.0.103

Also the check_dns nagios plugin reports an error that it cannot resolve the
address.

At this stage there are no *.conf

Thanks and kind regards,
Duncan
At which device was the `host s3` executed?
At which device was the `dig +short s3 @10.99.0.1` executed?

By device do you mean host? If so, then all the requests were executed from a workstation, 10.99.0.210


Why not `host s3 10.99.0.1` for better comparison?

The "host -d s3" command was also run. When the internet was connected, the following was seen:

$ host -d s3
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57543
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net.       IN  A

;; ANSWER SECTION:
s3.example.net.    1   IN  A   10.99.0.103

Received 49 bytes from 10.99.0.1#53 in 0 ms
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39237
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net.       IN  AAAA

Received 33 bytes from 10.99.0.1#53 in 6 ms
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63206
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net.       IN  MX

Received 33 bytes from 10.99.0.1#53 in 6 ms

When disconnected from the internet, this was the result:

$ host -d s3
Trying "s3.example.net"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42726
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;s3.example.net.       IN  A

;; ANSWER SECTION:
s3.example.net.    1   IN  A   10.99.0.103

Received 49 bytes from 10.99.0.1#53 in 0 ms
Trying "s3.example.net"
Host s3.example.net not found: 5(REFUSED)
Received 33 bytes from 10.99.0.1#53 in 0 ms
Trying "s3.example.net"
Host s3.example.net not found: 5(REFUSED)
Received 33 bytes from 10.99.0.1#53 in 0 ms

I didn't try the command "host s3 10.99.0.1".

Many thanks and kind regards,
Duncan


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
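
An added example, not part of the original thread or of dnsmasq: the `host -d` output above shows `host` sending A, AAAA and MX queries in turn, while `dig` with no type argument sends only A, so this Python script asks one server for each of the three types and reports the rcode per type. The function names are chosen for this example, the default server and name are the ones shown in the thread, and it assumes a fully qualified name because no search domain is applied.

```python
import secrets
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPES = {"A": 1, "MX": 15, "AAAA": 28}

def build_query(name, qtype, qid):
    """Encode one recursive (RD=1) IN-class question as a DNS wire message."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def parse_header(msg):
    """Return (id, rcode name, answer count) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, RCODES.get(flags & 0x000F, str(flags & 0x000F)), ancount

def probe(server, name, qtypes=("A", "AAAA", "MX"), timeout=2.0):
    """Ask `server` for each type, as `host` does, and map type -> result."""
    results = {}
    for qtype in qtypes:
        qid = secrets.randbelow(0x10000)  # random id, checked against the reply
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(build_query(name, qtype, qid), (server, 53))
                rid, rcode, ancount = parse_header(sock.recvfrom(4096)[0])
            except (OSError, ValueError) as exc:  # timeout, unreachable, short
                results[qtype] = f"no usable reply ({exc})"
                continue
        results[qtype] = (f"{rcode}, {ancount} answer(s)" if rid == qid
                          else "reply id mismatch")
    return results

if __name__ == "__main__":
    # Assumed defaults: the server and FQDN that appear in the thread.
    server = sys.argv[1] if len(sys.argv) > 1 else "10.99.0.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "s3.example.net"
    for qtype, result in probe(server, name).items():
        print(f"{qtype:5} {result}")
```

Running it once with the upstream link up and once with it down shows which query types change from NOERROR to REFUSED.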
